CVE-2014-2241

Published: Mar 18, 2014Modified: May 6, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer functions in cff/cf2ft.c in FreeType before 2.5.3 do not properly check if a subroutine exists, which allows remote attackers to cause a denial of service (assertion failure), as demonstrated by a crafted ttf file.

Affected (4)

Products: Freetype: Freetype · Canonical: Ubuntu Linux

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Freetype Freetype	Up to 2.5.2
Freetype Freetype	Version 2.5.1
Freetype Freetype	Version 2.5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 13.10

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969

Source: cve@mitre.org

ExploitPatch

http://savannah.nongnu.org/bugs/?41697

Source: cve@mitre.org

http://secunia.com/advisories/57447

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/03/12/4

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2148-1

Source: cve@mitre.org

http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=135c3faebb96f8f550bd4f318716f2e1e095a969

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

http://savannah.nongnu.org/bugs/?41697

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/57447

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2014/03/12/4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2148-1

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.